QUESTION 62Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a server named Web1 that runs Windows Server 2016.You need to list all the SSL certificates on Web1 that will expire during the next 60 days.Solution: You run the following command.

Does this meet the goal?

A. YesB. No

Answer: B

QUESTION 63Your network contains an Active Directory domain named contoso.com.The domain contains a user named User1 and an organizational unit (OU) named OU1.You create a Group Policy object (GPO) named GPO1.You need to ensure that User1 can link GPO1 to OU1.What should you do?

A. Modify the security setting of User1.B. Add User1 to the Group Policy Creator Owner group.C. Modify the security setting of OU1.D. Modify the security setting of GPO1.

Answer: D

QUESTION 64Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You deploy a new Active Directory forest.You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.Solution: You configure Kerberos constrained delegation on the computer account of each member server.Does this meet the goal?

A. YesB. No

Answer: B

QUESTION 65Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.Your network contains an Active Directory domain named contoso.com.The domain contains a DNS server named Server1. All client computers run Windows 10.On Server1, you have the following zone configuration.

You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT).Does this meet the goal?

A. YesB. No

Answer: AExplanation:The NRPT stores configurations and settings that are used to deploy DNS Security Extensions (DNSSEC), and also stores information related to DirectAccess, a remote access technology.Note: The Name Resolution Policy Table (NRPT) is a new feature available in Windows Server 2008 R2. The NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces. When performing DNS name resolution, the DNS Client service checks the NRPT before sending a DNS query. If a DNS query or response matches an entry in the NRPT, it is handled according to settings in the policy. Queries and responses that do not match an NRPT entry are processed normally.References: https://technet.microsoft.com/en-us/library/ee649207(v=ws.10).aspx

QUESTION 66You network contains an Active Directory domain named contoso.com.The domain contains an Active Directory Federation Services (AD FS) server named ADFS1, a Web Application Proxy server named WAP1, and a web server named Web1.You need to publish a website on Web1 by using the Web Application Proxy.Users will authenticate by using OAuth2 preauthentication.What should you do first?

A. On Web1, add site bindings.B. On Web1, add handler mappings.C. On ADFS1, enable an endpoint.D. On ADFS1, add a claims provider trust.

Answer: D

QUESTION 67Your network contains an Active Directory domain named contoso.com.The domain contains five domain controllers.You have a branch office that has a local support technician named Tech1.Tech1 installs Windows Server 2016 on a server named RODC1 in a workgroup.You need Tech1 to deploy RODC1 as a read-only domain controller (RODC) in the contoso.com domain.Which three actions should you perform? Each correct answer presents part of the solution.

A. Instruct Tech1 to run the Active Directory Domain Services Configuration Wizard.B. Create an RODC computer account by using Active Administrative Center.C. Instruct Tech1 to run dcpromo.exe on RODC1.D. Instruct Tech1 to install the Active Directory Domain Services server role on RODC1.E. Modify the permissions of the Domain Controllers organizational unit (OU).

Answer: ACD

QUESTION 68Your network contains an Active Directory forest. The forest functional level is Windows Server 2016.You have a failover cluster named Cluster1. Cluster1 has two nodes named Server1 and Server2. All the optional features in Active Directory are enabled.A junior administrator accidentally deletes the computer object named Cluster1.You discover that Cluster1 is offline.You need to restore the operation of Cluster1 in the least amount of time possible.What should you do?

A. Run the Enable-ADAccount cmdlet from Windows PowerShell.B. Perform an authoritative restore by running ntdutil.exe.C. Perform a tombstone reanimation by running ldp.exe.D. Recover a deleted object from the Active Directory Recycle Bin.

Answer: D

QUESTION 69Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.Your network contains an Active Directory domain named contoso.com.The domain functional level is Windows Server 2012 R2.Your company hires a new security administrator to manage sensitive user data.You create a user account named Security1 for the security administrator.You need to ensure that the password for Security1 has at least 12 characters and is modified every 10 days. The solution must apply to Security1 only.Which tool should you use?

QUESTION 70Your network contains an Active Directory domain. All client computers run Windows 10.A client computer named Computer1 was in storage for five months and was unused during that time.You attempt to sign in to the domain from Computer1 and receive an error message.You need to ensure that you can sign in to the domain from Computer1.What should you do?

A. Unjoin Computer1 from the domain, and then join the computer to the domain.B. From Active Directory Administrative Center, reset the computer account of Computer1.C. From Active Directory Administrative Center, disable Computer1, and then enable the computer account of Computer1.D. From Active Directory Users and Computers, run the Delegation of Control Wizard.

Answer: B

QUESTION 71You network contains an active Directory domain. The domain contains 20 domain controllers.You discover that some Group Policy objects (PROs) are not being applied by all the domain controllers.You need to verify whether GPOs replicate successfully to all the domain controllers.What should you do?

A. Set BurFlags in the registry, and then restart the File Replication Service (FRS). Run dcdiag.exe for each domain controller.B. Set BurFlags in the registry, and then restart the File Replication Service (FRS). View the Directory Service event log.C. From Group Policy Management, view the Status tab for the domain.D. Run repadmin.exe for each GPO.

Answer: C

QUESTION 72Your company has a marketing department and a security department.The network contains an Active Directory domain named contoso.com.The domain contains an enterprise certification authority (CA).You have two organizational units (OUs) named MKT_UsersOU and MKT_ComputersOU. MKT_UsersOU contains the user accounts for the users in the marketing department. MKT_ComputersOU contains the computer accounts for the computers in the marketing department.A Group policy object (GPO) named GPO1 is linked to MKT_UsersOU.A GPO named GPO2 linked to MKT_ComputersOU.You plan to deploy a web application for the marketing department users.The application will require certificates for authentication.The security department configures the CA to support the planned deployment.You need to ensure that the web application can authenticate the marketing department users.What should you do?